Businesses should not panic about the
Conficker worm, but there should be a modicum of concern, says
Conficker researcher Dan Kaminsky.
The worm, believed to be lying dormant on millions of computers,
is expected to contact control and command centres today, prompting
fears of cyber attacks.
Security experts have
downplayed the scale of the threat by pointing out that
relatively few variants of Conficker are programmed to check in to
control centres on 1 April.
Organisations have been advised to apply the relevant Microsoft
security patch issued in October, but many IT departments have
struggled to identify infected machines.
Conficker is designed to mask its presence, but in an
important breakthrough announced this week, Kaminsky and two
other researchers found a way of tracking it down.
"Conficker actually changes what Windows looks like on the
network, and this change can be detected remotely, anonymously and
quickly," said Kaminsky.
Several security software supplier have used the discovery to
develop enterprise scanners, making it much easier for businesses
to measure their exposure to Conficker.
"We have really moved this into the due diligence territory of
one engineer kicking off a scan before lunch and getting answers by
the time he gets back," said Kaminsky.
The researchers still do not know what Conficker is going to do
if it is allowed to contact its command and control centres, but
Kaminsky said its authors are clearly malicious and this scanner
makes it cheap enough to find their code.
Until now, IT departments have had no way of telling which
computers in their networks have been patched with the genuine
Microsoft patch and risked overlooking infected computers that
Conficker made appear to be patched.